Open mbjones opened 6 years ago
Original Redmine Comment Author Name: Matt Jones (Matt Jones) Original Date: 2017-12-20T17:31:11Z
The definition of the ChecksumAlgorithm type says that algorithm names must be drawn from the Library of Congress controlled vocabulary:
The cryptographic hash algorithm used to calculate a checksum. DataONE recognizes the Library of Congress list of cryptographic hash algorithms that can be used as names in this field, and specifically uses the madsrdf:authoritativeLabel field as the name of the algorithm in this field. See: Library of Congress Cryptographic Algorithm Vocabulary. All compliant implementations must support at least SHA-1 and MD5, but may support other algorithms as well.
We should be checking against that list, and not the Java names, which may not be language neutral.
Original Redmine Comment Author Name: Jing Tao (Jing Tao) Original Date: 2018-01-18T00:10:54Z
According the list here http://id.loc.gov/vocabulary/preservation/cryptographicHashFunctions.html some names from the list are: MD5 SHA-1 SHA-256 SHA-384 SHA-512
It doesn't show SHA-224. I am not sure if it is in the list.
Author Name: Chris Jones (Chris Jones) Original Redmine Issue: 7234, https://projects.ecoinformatics.org/ecoinfo/issues/7234 Original Date: 2017-12-19 Original Assignee: Jing Tao
Bryce pointed out that we have many incorrect @checksumAlgorithm@ strings various MNs. See https://github.nceas.ucsb.edu/KNB/arctic-data/issues/283. The upshot is that @SHA-*@ is the broadly supported syntax.
I checked the strings with:
and got:
Change @MNodeService@, @CNodeService@, and @D1NodeService@ methods that send or receive @SystemMetadata@ documents and validate the given string with @MessageDigest.getInstance(algorithm)@. If we get a @NoSuchAlgorithm@ exception, throw an @InvalidSystemMetadata@ exception for the call.